[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <C6AF3ECACA6E9A46A2CB2FABCDCB35C40CE9ABCA@swilnts810.wil.fusa.com>
Date: Wed, 11 Jul 2007 07:56:11 -0400
From: <Glenn.Everhart@...se.com>
To: <measl@....org>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Humor] [archivists] National Archives
timestamp(fwd)
They discover SHA256 but misunderstand somewhat. There will be cases where
different files yield the same hash, but if the algorithm works as it should
it will be infeasible to generate one given the desired hash value in any
sufficiently simple way.
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of J.A.
Terranson
Sent: Wednesday, July 11, 2007 12:25 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] [Humor] [archivists] National Archives
timestamp(fwd)
The Great Unwashed Masses discover SHA-256!
--
Yours,
J.A. Terranson
sysadmin_at_mfn.org
0xBD4A95BF
"The real point is that you cannot harbor malice toward others and then
cry foul when someone displays intolerance against you. Prejudice
tolerated is intolerance encouraged. Rise up in righteousness when you
witness the words and deeds of hate, but only if you are willing to rise
up against them all, including your own. Otherwise suffer the slings and
arrows of disrespect silently."
Harvey Fierstein is an actor and playwright.
---------- Forwarded message ----------
Date: Tue, 10 Jul 2007 13:52:18 -0500
From: Brad Jensen <brad@...tore.com>
To: 'Bill Cribbs' <cribbswh@...oo.com>, archivists@...oogroups.com
Subject: [archivists] National Archives timestamp
For those who are not aware, there is a computational procedure
you can do for any digital file, that creates a unique number,
called a hash, that only matches that exact file.
There is a Federal standard for one hashing algorithm, called
SHA-1. That is a 160-biit number. More commonly used today is the
SHA-256 hash, that generates a 256 bit number.
Another term for this is 'digital thumbprint'.
In the following discussion I am referring implicitly to the use
of the SHA-256 hash.
If you take a digital file 'A', and you change the order of two
characters in the file, the hash becomes completely different.
No two digital files will have the same thumbprint. You cannot
predict what the thumbprint will be for a file. You cannot forge
or modify a file to match an existing thumbprint.
There are digital time stamping services on the internet that
register these 'thumbprints' to prove a particular file existed
at a particular date and time, and it has not changed.
The US Postal Service offers a time stamping service for a small
fee that they call an 'Electronic Postmark' but it only is kept
for seven years. They also require the user to have a digital
certificate to establish identity of the person time stamping the
file.
I propose something simpler.
I propose that the National Archives create and offer a free time
stamping service that does not require a digital certificate. The
purpose of this is to store and retrieve unique file identifiers
that will establish that a file existed at a certain date and
time, and has not changed.
Then files can be archived in multiple locations across a
distributed network, and their identity and authenticity will
remain unquestionable.
This service would be a public good, similar to the digital time
source offered by the Navy, for example.
The National Archives will keep these timestamps in perpetuity.
They would basically be entries in a database, with a 32-byte
thumbprint, date and time. They would be a public record, so
anyone can look up a thumbprint and now the date and time it was
registered.
Can others see the value of this idea?
I can write the basic software for this. One part would be a
database for the National Archives with a web XML interface for
registering and retrieving the thumbprints.
It would include a feature to thumbprint each day's database
entries, to eliminate any possibility of human interference in
the process. You don't have to trust anybody or even the
institution, since the thumbprints are impossible to forge.
The second thing would be a program, downloadable from a web
page, to calculate and submit the thumbprint. I can write it in
Windows, publish the source, and others could do the same for
Linux, etc.
What could it be used for? Scanned images, photographs, text
documents, backup files, sound recordings, web pages, newspapers,
anything that can be digitized.
Since the only submission is the thumbprint and not the file,
files can remain private yet still be authenticated later.
And the processing load on the server is tiny.
The other alternative to have someone like the National Archives
do it, is to do it ourselves as a distributed database with
replication across many sites and servers.
I can do it myself, but this needs institutional support to last
forever.
That institution can be a formal body like the National Archives,
or an ad hoc self-organizing one. Perhaps the latter makes sense
in this global internet world.
I think of this as the 'Forever Project' since it is the first
thing designed to last forever.
Brad Jensen
President
LaserVault LLC
www.laservault.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists